Directory structure

Is created when puppet is installed. It should essentially contain this on the appropriate branch (usually multi-node). This repo contains the manifests and templates directories, where one part of COE will reside.

/etc/puppet/manifests

Contains the site.pp, which is used to customise the install in common ways, such as configuring the network settings and defining which nodes to manage. Site.pp is internally documented and will be different for each site. This directory also has core.pp and cobbler_node.pp: core.pp is used to provide a clean interface between the Openstack puppet modules and the user-facing site.pp; cobbler_node.pp is specifically targeted at managing the cobbler module. The scripts in the directory are helpers that perform the following functions:

clean_node.sh: Wipes the puppet cert of a node and sets it to install on next boot. Usage: clean_node.sh $target_node

puppet-modules.sh: Installs all the modules in modules.list via apt. Usage: puppet-modules.sh

reset_build_node.sh: Cleans up the build node so that a subsequent puppet apply will test with a (roughly) clean slate. Purges installed packages, removes var directories and some config files. Usage: reset_build_node.sh

reset_nodes.sh: Removes all nodes from the cobbler db and then runs puppet to insert them again. Usage: reset_nodes.sh
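
The two actions clean_node.sh is described as performing, as an added sketch (not the COE script itself). The function names and the DRY_RUN variable are hypothetical; it assumes the standard "puppet cert clean" and "cobbler system edit" commands are what a build node would run. The old certificate is cleaned because a reinstalled node generates a new key, and its signing request would otherwise conflict with the certificate the master already holds under that name.

```sh
#!/bin/sh
# Added example, not the COE clean_node.sh.
# DRY_RUN=1 (the default, a hypothetical variable) prints the commands
# instead of running them; set DRY_RUN=0 on a real build node.

# Accept only plain hostnames/FQDNs, so the argument can never be read
# as an option by puppet or cobbler (for example "--all").
valid_node() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

clean_node() {
    node=$1
    if ! valid_node "$node"; then
        echo "invalid node name: $node" >&2
        return 2
    fi
    # Revoke and remove the node's old agent certificate on the master.
    run puppet cert clean "$node" || return 1
    # Re-enable network install so the next PXE boot reinstalls the node.
    run cobbler system edit --name="$node" --netboot-enabled=true || return 1
}

# Run stand-alone as: sh clean_node_example.sh compute01.example.com
if [ $# -gt 0 ]; then
    clean_node "$1"
fi
```
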

/etc/puppet/templates

Contains a template for /etc/network/interfaces. This can be modified by sites that have complex networks to meet their requirements. It is applied via a late command and not directly managed by puppet.
The second file in this directory can be used to move IP addresses between physical nics and Openvswitch ports and is not needed in the majority of cases. It is controlled by numbered_vs_port in site.pp.

/etc/puppet/modules or /usr/share/puppet/modules

Either of these locations can be used to house the puppet modules. The COE apt packages will install them to /usr/share/puppet/modules.

Understanding the install sequence

Because COE handles both provisioning of the base OS and deployment of applications, the install sequence for a node is quite long. The install takes the following steps:

1. COE puppet modules and manifests are installed on the build node from either git or apt

2. Puppet apply is run on the build node, which does the following:

   2.1. Cobbler is installed on the build node

   2.2. The Ubuntu 12.04 install image is loaded into cobbler using cobbler-import-ubuntu-x86_64

   2.3. The out-of-band information for the target node is inserted into the cobbler database

   2.4. A preseed file is created to automate the install, which has the following in the late command:

      - Sets puppet to run after the node has booted, depending on whether autostart_puppet has been set
      - Sets the puppetmaster address and sync interval in puppet.conf
      - Syncs to the build node ntp server
      - Optionally disables IPv6 router advertisement
      - Optionally installs the ethernet bonding module
      - Sets /etc/network/interfaces based on /etc/puppet/templates/interfaces.erb in the late command
      - HTTP posts to cobbler on the build node to say that the install completed successfully
      - HTTP posts to cobbler on the build node to request no more install boots (so the machine will receive a PXE command to boot from local disk instead)

3. The target node is rebooted using the clean_node.sh script on the build node, or by hand, which will install ubuntu and run everything in step 2.4

4. The target node will finish the install, reboot, then boot into the newly installed OS

5. If autostart_puppet has been set, the node will run puppet agent, and install everything needed for either a control or a compute node.

Most of the complexity here is tied up in the late command. If you need to add a system module and want it to be available as soon as the system reboots then this is the place to put it. The easiest way to do this is by modifying cobbler_node.pp and adding lines to the late command there. This is an example of a general guideline: try to avoid modifying the puppet modules, and instead change things from the manifests folder where possible.

Modules

apache

[DEPRECATED] Manages the apache http daemon. Apache is used by Horizon, puppetmaster and Graphite among other things, but is handled by requiring the apache package and creating site-enabled entries instead of using the module.

apt

The base node as defined in core.pp defines an apt::source which contains the PGP key for Cisco's Openstack and puppet packages. This means every node has access to the Cisco apt repo.

apt-cacher-ng

This manages the apt-cacher-ng daemon, which greatly accelerates the install process by eliminating the need for all nodes to install from the internet. The build node runs the apt cacher, which is defined in core.pp under master-node.

cobbler

The cobbler module is used to install and maintain the core functionality of the build node: deploying servers. The cobbler module is configured via cobbler-node.pp in the manifests folder. The module itself is not very mature, and it is conceivable that an advanced developer may need to customise this module in order to change some part of the node install process. A good example would be installing 32 bit ubuntu instead of 64, which would require a different arch to be passed into the ubuntu class in the cobbler module, so that cobbler-ubuntu-import will bring in the correct install image. Cobbler also manages dhcp, dnsmasq, PXE, tftp and some http services. The module itself is quite barebones and should be easy to extend if needed.

coe

This is a very small module that adds a web page on the build server with links to other services such as Horizon, Nagios and Graphite.

collectd

Collectd is a metrics collection system. This module will install the collectd client, and point the client at the graphite server (on the build node).

concat

This is a puppet module for constructing files out of fragments. It is used by the glance and keystone modules.

corosync

[DEPRECATED] Corosync is used by the openstack_admin class to provide HA services to the controller.

dnsmasq

[DEPRECATED] Although dnsmasq is still used by cobbler and openstack, the dnsmasq module is not used.

drbd

[DEPRECATED] Used by openstack_admin to provide HA services on the control node.

glance

The openstack image registry. Glance is one of the simplest pieces of an Openstack cloud. There is no support in this puppet module for managing what images are available, or for inserting images into the registry. The backend can be changed from the default file to swift for production deployments.

graphite

Graphite is a scalable real-time graphing system. It is included in the build node via 'master-node' in core.pp. All collectd agents need to be aware of the graphite host location, so if you want to move graphite off the build node, update the collectd definition in the base node in core.pp.

horizon

Horizon is the django based web interface for an Openstack cloud. It runs on the control node and is included via openstack::controller. There is no mention of horizon in core.pp since, as a very simple web app, it generally doesn't require any configuration.

inifile

Used by Glance, Keystone and Quantum to easily create ini files.

keystone

Keystone is the openstack identity service. The keystone module contains providers/types for the contents of the keystone DB: users, roles, services, tenants and endpoints. The admin and service elements that are required for openstack to function are created in the openstack::controller class.

memcached

Memcached is instantiated by openstack::controller to act as a cache for Horizon.

monit

[DEPRECATED] Ignore.

mysql

Used by the puppet module to create a MySQL server on the build node to enable the use of storeconfigs, and used by the openstack::controller class to create the MySQL server required for Openstack.

naginator

The top level class naginator will install the nagios server; this is included in the node type 'master-node'. There are then classes for the other types of node that will monitor the appropriate things: naginator::compute_target, naginator::control_target, naginator::swift_target. There is a naginator::base_target that is included in the 'base' node type that all nodes inherit from.

nova

Nova is the part of openstack responsible for VM management. There are two obvious pitfalls when working with this module: there are hundreds of potential flags to be passed into nova.conf, and nova is deeply tied into quantum via openvswitch, so care must be taken when modifying either. nova.conf configuration takes the following form:

nova_config { 'flag_name': value => 'flag_value' }

All of these are aggregated at runtime to create the nova.conf file.

ntp

Configures ntp such that the build server will sync with the list of servers given in site.pp, and the other nodes will sync with the build node. The 'master-node' node type contains the former and the os_base node type contains the latter.